Four months after security researchers uncovered a “Tetrade” of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware.
According to Kaspersky’s Global Research and Analysis Team (GReAT), the Brazil-based threat group Guildma has deployed “Ghimob,” an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.
“Ghimob is a full-fledged spy in your pocket: once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their anti-fraud behavioral systems,” the cybersecurity firm said in a Monday analysis.
In addition to sharing the same infrastructure as that of Guildma, Ghimob continues the modus operandi of using phishing emails as a mechanism to distribute the malware, luring unsuspecting users into…
http://feedproxy.google.com/~r/TheHackersNews/~3/g9ycEm2Q_C8/watch-out-new-android-banking-trojan.html